feat(kde): add akonadi_* profiles.

apparmor.d/groups/akonadi/akonadi_akonotes_resource

@@ -0,0 +1,39 @@
+# apparmor.d - Full set of apparmor profiles
+# Copyright (C) 2023 Alexandre Pujol <alexandre@pujol.io>
+# SPDX-License-Identifier: GPL-2.0-only
+
+abi <abi/3.0>,
+
+include <tunables/global>
+
+@{exec_path} = /{usr/,}bin/akonadi_akonotes_resource
+profile akonadi_akonotes_resource @{exec_path} {
+  include <abstractions/base>
+  include <abstractions/dri-common>
+  include <abstractions/freedesktop.org>
+  include <abstractions/mesa>
+  include <abstractions/nameservice-strict>
+  include <abstractions/X-strict>
+
+  @{exec_path} mr,
+
+  /usr/share/hwdata/*.ids r,
+  /usr/share/qt/translations/*.qm r,
+
+  owner @{user_cache_dirs}/icon-cache.kcache rw,
+
+  owner @{user_config_dirs}/akonadi_akonotes_resource_[0-9]rc r,
+  owner @{user_config_dirs}/akonadi/agent_config_akonadi_akonotes_resource_[0-9]{,_changes.dat} r,
+  owner @{user_config_dirs}/akonadi/akonadiconnectionrc r,
+
+  owner @{user_config_dirs}/kdedefaults/kdeglobals r,
+  owner @{user_config_dirs}/kdedefaults/kwinrc r,
+  owner @{user_config_dirs}/kdeglobals r,
+  owner @{user_config_dirs}/kwinrc r,
+
+  @{PROC}/sys/kernel/core_pattern r,
+
+  /dev/tty r,
+
+  include if exists <local/akonadi_akonotes_resource>
+}

apparmor.d/groups/akonadi/akonadi_archivemail_agent

@@ -0,0 +1,47 @@
+# apparmor.d - Full set of apparmor profiles
+# Copyright (C) 2023 Alexandre Pujol <alexandre@pujol.io>
+# SPDX-License-Identifier: GPL-2.0-only
+
+abi <abi/3.0>,
+
+include <tunables/global>
+
+@{exec_path} = /{usr/,}bin/akonadi_archivemail_agent
+profile akonadi_archivemail_agent @{exec_path} {
+  include <abstractions/base>
+  include <abstractions/dri-common>
+  include <abstractions/mesa>
+  include <abstractions/nameservice-strict>
+  include <abstractions/X-strict>
+
+  @{exec_path} mr,
+
+  /usr/share/hwdata/*.ids r,
+  /usr/share/icons/{,**} r,
+  /usr/share/mime/{,**} r,
+  /usr/share/qt/translations/*.qm r,
+
+  /etc/machine-id r,
+
+  owner @{user_cache_dirs}/icon-cache.kcache rw,
+
+  owner @{user_config_dirs}/kmail2rc r,
+  owner @{user_config_dirs}/#[0-9]* rw,
+  owner @{user_config_dirs}/akonadi/agent_config_akonadi_archivemail_agent_changes{,.dat} r,
+  owner @{user_config_dirs}/akonadi/akonadiconnectionrc r,
+  owner @{user_config_dirs}/emaildefaults r,
+  owner @{user_config_dirs}/emailidentities.lock rwk,
+  owner @{user_config_dirs}/emailidentities* rwl,
+
+  owner @{user_config_dirs}/kdedefaults/kdeglobals r,
+  owner @{user_config_dirs}/kdedefaults/kwinrc r,
+  owner @{user_config_dirs}/kdeglobals r,
+  owner @{user_config_dirs}/kwinrc r,
+
+  @{PROC}/sys/kernel/core_pattern r,
+  @{PROC}/sys/kernel/random/boot_id r,
+
+  /dev/tty r,
+
+  include if exists <local/akonadi_archivemail_agent>
+}

apparmor.d/groups/akonadi/akonadi_birthdays_resource

@@ -0,0 +1,38 @@
+# apparmor.d - Full set of apparmor profiles
+# Copyright (C) 2023 Alexandre Pujol <alexandre@pujol.io>
+# SPDX-License-Identifier: GPL-2.0-only
+
+abi <abi/3.0>,
+
+include <tunables/global>
+
+@{exec_path} = /{usr/,}bin/akonadi_birthdays_resource
+profile akonadi_birthdays_resource @{exec_path} {
+  include <abstractions/base>
+  include <abstractions/dri-common>
+  include <abstractions/freedesktop.org>
+  include <abstractions/mesa>
+  include <abstractions/nameservice-strict>
+  include <abstractions/X-strict>
+
+  @{exec_path} mr,
+
+  /usr/share/hwdata/*.ids r,
+  /usr/share/qt/translations/*.qm r,
+
+  owner @{user_cache_dirs}/icon-cache.kcache rw,
+
+  owner @{user_config_dirs}/akonadi/agent_config_akonadi_birthdays_resource{,_changes.dat} r,
+  owner @{user_config_dirs}/akonadi/akonadiconnectionrc r,
+
+  owner @{user_config_dirs}/kdedefaults/kdeglobals r,
+  owner @{user_config_dirs}/kdedefaults/kwinrc r,
+  owner @{user_config_dirs}/kdeglobals r,
+  owner @{user_config_dirs}/kwinrc r,
+
+  @{PROC}/sys/kernel/core_pattern r,
+
+  /dev/tty r,
+
+  include if exists <local/akonadi_birthdays_resource>
+}

apparmor.d/groups/akonadi/akonadi_contacts_resource

@@ -0,0 +1,41 @@
+# apparmor.d - Full set of apparmor profiles
+# Copyright (C) 2023 Alexandre Pujol <alexandre@pujol.io>
+# SPDX-License-Identifier: GPL-2.0-only
+
+abi <abi/3.0>,
+
+include <tunables/global>
+
+@{exec_path} = /{usr/,}bin/akonadi_contacts_resource
+profile akonadi_contacts_resource @{exec_path} {
+  include <abstractions/base>
+  include <abstractions/dri-common>
+  include <abstractions/freedesktop.org>
+  include <abstractions/mesa>
+  include <abstractions/nameservice-strict>
+  include <abstractions/X-strict>
+
+  @{exec_path} mr,
+
+  /usr/share/hwdata/*.ids r,
+  /usr/share/qt/translations/*.qm r,
+
+  owner @{user_cache_dirs}/icon-cache.kcache rw,
+
+  owner @{user_config_dirs}/akonadi_contacts_resource_[0-9]rc r,
+  owner @{user_config_dirs}/akonadi/agent_config_akonadi_contacts_resource_[0-9]{,_changes.dat} r,
+  owner @{user_config_dirs}/akonadi/akonadiconnectionrc r,
+
+  owner @{user_config_dirs}/kdedefaults/kdeglobals r,
+  owner @{user_config_dirs}/kdedefaults/kwinrc r,
+  owner @{user_config_dirs}/kdeglobals r,
+  owner @{user_config_dirs}/kwinrc r,
+
+  owner @{user_share_dirs}/contacts/ r,
+
+  @{PROC}/sys/kernel/core_pattern r,
+
+  /dev/tty r,
+
+  include if exists <local/akonadi_contacts_resource>
+}

apparmor.d/groups/akonadi/akonadi_control

@@ -0,0 +1,40 @@
+# apparmor.d - Full set of apparmor profiles
+# Copyright (C) 2023 Alexandre Pujol <alexandre@pujol.io>
+# SPDX-License-Identifier: GPL-2.0-only
+
+abi <abi/3.0>,
+
+include <tunables/global>
+
+@{exec_path} = /{usr/,}bin/akonadi_control
+profile akonadi_control @{exec_path} {
+  include <abstractions/base>
+  include <abstractions/dri-common>
+  include <abstractions/freedesktop.org>
+  include <abstractions/mesa>
+  include <abstractions/nameservice-strict>
+  include <abstractions/X-strict>
+
+  @{exec_path} mr,
+
+  /{usr/,}bin/akonadi_*      rPUx,
+  /{usr/,}bin/akonadiserver  rPx,
+
+  /usr/share/akonadi/{,**} r,
+  /usr/share/hwdata/*.ids r,
+  /usr/share/qt/translations/*.qm r,
+
+  owner @{user_cache_dirs}/icon-cache.kcache rw,
+  owner @{user_cache_dirs}/akonadi/{,**} rwl,
+
+  owner @{user_config_dirs}/akonadi/{,**} r,
+  owner @{user_config_dirs}/kdedefaults/kdeglobals r,
+  owner @{user_config_dirs}/kdeglobals r,
+  owner @{user_config_dirs}/libaccounts-glib/accounts.db{,-shm,-wal} rwk,
+
+  owner @{user_share_dirs}/akonadi/{,**} rwl,
+
+  @{PROC}/sys/kernel/core_pattern r,
+
+  include if exists <local/akonadi_control>
+}

apparmor.d/groups/akonadi/akonadi_followupreminder_agent

@@ -0,0 +1,42 @@
+# apparmor.d - Full set of apparmor profiles
+# Copyright (C) 2023 Alexandre Pujol <alexandre@pujol.io>
+# SPDX-License-Identifier: GPL-2.0-only
+
+abi <abi/3.0>,
+
+include <tunables/global>
+
+@{exec_path} = /{usr/,}bin/akonadi_followupreminder_agent
+profile akonadi_followupreminder_agent @{exec_path} {
+  include <abstractions/base>
+  include <abstractions/dri-common>
+  include <abstractions/freedesktop.org>
+  include <abstractions/mesa>
+  include <abstractions/nameservice-strict>
+  include <abstractions/X-strict>
+
+  network inet dgram,
+  network inet6 dgram,
+  network netlink dgram,
+
+  @{exec_path} mr,
+
+  /usr/share/hwdata/*.ids r,
+  /usr/share/qt/translations/*.qm r,
+
+  owner @{user_cache_dirs}/icon-cache.kcache rw,
+
+  owner @{user_config_dirs}/akonadi/agent_config_akonadi_followupreminder_agent{,_changes.dat} r,
+  owner @{user_config_dirs}/akonadi/akonadiconnectionrc r,
+
+  owner @{user_config_dirs}/kdedefaults/kdeglobals r,
+  owner @{user_config_dirs}/kdedefaults/kwinrc r,
+  owner @{user_config_dirs}/kdeglobals r,
+  owner @{user_config_dirs}/kwinrc r,
+
+  @{PROC}/sys/kernel/core_pattern r,
+
+  /dev/tty r,
+
+  include if exists <local/akonadi_followupreminder_agent>
+}

apparmor.d/groups/akonadi/akonadi_ical_resource

@@ -0,0 +1,40 @@
+# apparmor.d - Full set of apparmor profiles
+# Copyright (C) 2023 Alexandre Pujol <alexandre@pujol.io>
+# SPDX-License-Identifier: GPL-2.0-only
+
+abi <abi/3.0>,
+
+include <tunables/global>
+
+@{exec_path} = /{usr/,}bin/akonadi_ical_resource
+profile akonadi_ical_resource @{exec_path} {
+  include <abstractions/base>
+  include <abstractions/dri-common>
+  include <abstractions/mesa>
+  include <abstractions/nameservice-strict>
+  include <abstractions/X-strict>
+
+  @{exec_path} mr,
+
+  /usr/share/hwdata/*.ids r,
+  /usr/share/icons/{,**} r,
+  /usr/share/mime/{,**} r,
+  /usr/share/qt/translations/*.qm r,
+
+  owner @{user_cache_dirs}/akonadi_ical_resource_[0-9]/{,*} r,
+  owner @{user_cache_dirs}/icon-cache.kcache rw,
+  owner @{user_config_dirs}/akonadi_ical_resource_[0-9]rc r,
+  owner @{user_config_dirs}/akonadi/agent_config_akonadi_ical_resource_[0-9]{,_changes.dat} r,
+  owner @{user_config_dirs}/akonadi/akonadiconnectionrc r,
+  owner @{user_config_dirs}/kdedefaults/kdeglobals r,
+  owner @{user_config_dirs}/kdedefaults/kwinrc r,
+  owner @{user_config_dirs}/kdeglobals r,
+  owner @{user_config_dirs}/kwinrc r,
+  owner @{user_share_dirs}/apps/korganizer/*.ics r,
+
+  @{PROC}/sys/kernel/core_pattern r,
+
+  /dev/tty r,
+
+  include if exists <local/akonadi_ical_resource>
+}

apparmor.d/groups/akonadi/akonadi_indexing_agent

@@ -0,0 +1,45 @@
+# apparmor.d - Full set of apparmor profiles
+# Copyright (C) 2023 Alexandre Pujol <alexandre@pujol.io>
+# SPDX-License-Identifier: GPL-2.0-only
+
+abi <abi/3.0>,
+
+include <tunables/global>
+
+@{exec_path} = /{usr/,}bin/akonadi_indexing_agent
+profile akonadi_indexing_agent @{exec_path} {
+  include <abstractions/base>
+  include <abstractions/dri-common>
+  include <abstractions/mesa>
+  include <abstractions/nameservice-strict>
+  include <abstractions/X-strict>
+
+  @{exec_path} mr,
+
+  /usr/share/hwdata/*.ids r,
+  /usr/share/icons/{,**} r,
+  /usr/share/mime/{,**} r,
+  /usr/share/qt/translations/*.qm r,
+
+  /etc/machine-id r,
+
+  owner @{user_cache_dirs}/icon-cache.kcache rw,
+
+  owner @{user_config_dirs}/akonadi_indexing_agentrc r,
+  owner @{user_config_dirs}/akonadi/#[0-9]* rw,
+  owner @{user_config_dirs}/akonadi/agent_config_akonadi_indexing_agent* rwlk,
+  owner @{user_config_dirs}/akonadi/akonadiconnectionrc r,
+  owner @{user_config_dirs}/kdedefaults/kdeglobals r,
+  owner @{user_config_dirs}/kdedefaults/kwinrc r,
+  owner @{user_config_dirs}/kdeglobals r,
+  owner @{user_config_dirs}/kwinrc r,
+
+  owner @{user_share_dirs}/akonadi/search_db/** rwk,
+
+  @{PROC}/sys/kernel/core_pattern r,
+  @{PROC}/sys/kernel/random/boot_id r,
+
+  /dev/tty r,
+
+  include if exists <local/akonadi_indexing_agent>
+}

apparmor.d/groups/akonadi/akonadi_maildir_resource

@@ -0,0 +1,41 @@
+# apparmor.d - Full set of apparmor profiles
+# Copyright (C) 2023 Alexandre Pujol <alexandre@pujol.io>
+# SPDX-License-Identifier: GPL-2.0-only
+
+abi <abi/3.0>,
+
+include <tunables/global>
+
+@{exec_path} = /{usr/,}bin/akonadi_maildir_resource
+profile akonadi_maildir_resource @{exec_path} {
+  include <abstractions/base>
+  include <abstractions/dri-common>
+  include <abstractions/mesa>
+  include <abstractions/nameservice-strict>
+  include <abstractions/X-strict>
+
+  @{exec_path} mr,
+
+  /usr/share/hwdata/*.ids r,
+  /usr/share/icons/{,**} r,
+  /usr/share/mime/{,**} r,
+  /usr/share/qt/translations/*.qm r,
+
+  owner @{user_cache_dirs}/icon-cache.kcache rw,
+
+  owner @{user_config_dirs}/akonadi/agent_config_akonadi_maildir_resource_[0-9]{,_changes.dat} r,
+  owner @{user_config_dirs}/akonadi/akonadiconnectionrc r,
+  owner @{user_config_dirs}/akonadi_maildir_resource_[0-9]rc r,
+  owner @{user_config_dirs}/kdedefaults/kdeglobals r,
+  owner @{user_config_dirs}/kdedefaults/kwinrc r,
+  owner @{user_config_dirs}/kdeglobals r,
+  owner @{user_config_dirs}/kwinrc r,
+
+  owner @{user_share_dirs}/local-mail/{,**} r,
+
+  @{PROC}/sys/kernel/core_pattern r,
+ 
+  /dev/tty r,
+
+  include if exists <local/akonadi_maildir_resource>
+}

apparmor.d/groups/akonadi/akonadi_maildispatcher_agent

@@ -0,0 +1,45 @@
+# apparmor.d - Full set of apparmor profiles
+# Copyright (C) 2023 Alexandre Pujol <alexandre@pujol.io>
+# SPDX-License-Identifier: GPL-2.0-only
+
+abi <abi/3.0>,
+
+include <tunables/global>
+
+@{exec_path} = /{usr/,}bin/akonadi_maildispatcher_agent
+profile akonadi_maildispatcher_agent @{exec_path} {
+  include <abstractions/base>
+  include <abstractions/dri-common>
+  include <abstractions/mesa>
+  include <abstractions/nameservice-strict>
+  include <abstractions/X-strict>
+
+  network inet dgram,
+  network inet6 dgram,
+  network inet stream,
+  network inet6 stream,
+  network netlink dgram,
+
+  @{exec_path} mr,
+
+  /usr/share/hwdata/*.ids r,
+  /usr/share/icons/{,**} r,
+  /usr/share/mime/{,**} r,
+  /usr/share/qt/translations/*.qm r,
+
+  owner @{user_cache_dirs}/icon-cache.kcache rw,
+
+  owner @{user_config_dirs}/akonadi/agent_config_akonadi_maildispatcher_agent_changes.dat r,
+  owner @{user_config_dirs}/akonadi/akonadiconnectionrc r,
+  owner @{user_config_dirs}/kdedefaults/kdeglobals r,
+  owner @{user_config_dirs}/kdedefaults/kwinrc r,
+  owner @{user_config_dirs}/kdeglobals r,
+  owner @{user_config_dirs}/kwinrc r,
+  owner @{user_config_dirs}/specialmailcollectionsrc r,
+
+  @{PROC}/sys/kernel/core_pattern r,
+
+  /dev/tty r,
+
+  include if exists <local/akonadi_maildispatcher_agent>
+}

apparmor.d/groups/akonadi/akonadi_mailfilter_agent

@@ -0,0 +1,50 @@
+# apparmor.d - Full set of apparmor profiles
+# Copyright (C) 2023 Alexandre Pujol <alexandre@pujol.io>
+# SPDX-License-Identifier: GPL-2.0-only
+
+abi <abi/3.0>,
+
+include <tunables/global>
+
+@{exec_path} = /{usr/,}bin/akonadi_mailfilter_agent
+profile akonadi_mailfilter_agent @{exec_path} {
+  include <abstractions/base>
+  include <abstractions/dri-common>
+  include <abstractions/mesa>
+  include <abstractions/nameservice-strict>
+  include <abstractions/X-strict>
+
+  ptrace (read) peer=akonadi_archivemail_agent,
+
+  @{exec_path} mr,
+
+  /usr/share/hwdata/*.ids r,
+  /usr/share/icons/{,**} r,
+  /usr/share/mime/{,**} r,
+  /usr/share/qt/translations/*.qm r,
+
+  /etc/machine-id r,
+
+  owner @{user_cache_dirs}/icon-cache.kcache rw,
+
+  owner @{user_config_dirs}/#[0-9]* rw,
+  owner @{user_config_dirs}/akonadi/agent_config_akonadi_mailfilter_agent_changes{,.dat} r,
+  owner @{user_config_dirs}/akonadi/akonadiconnectionrc r,
+  owner @{user_config_dirs}/emaildefaults r,
+  owner @{user_config_dirs}/emailidentities.lock rwk,
+  owner @{user_config_dirs}/emailidentities* rwl,
+  owner @{user_config_dirs}/kmail2rc r,
+  owner @{user_config_dirs}/specialmailcollectionsrc r,
+
+  owner @{user_config_dirs}/kdedefaults/kdeglobals r,
+  owner @{user_config_dirs}/kdedefaults/kwinrc r,
+  owner @{user_config_dirs}/kdeglobals r,
+  owner @{user_config_dirs}/kwinrc r,
+
+  @{PROC}/sys/kernel/core_pattern r,
+  @{PROC}/sys/kernel/random/boot_id r,
+
+  /dev/tty r,
+
+  include if exists <local/akonadi_mailfilter_agent>
+}

apparmor.d/groups/akonadi/akonadi_mailmerge_agent

@@ -0,0 +1,44 @@
+# apparmor.d - Full set of apparmor profiles
+# Copyright (C) 2023 Alexandre Pujol <alexandre@pujol.io>
+# SPDX-License-Identifier: GPL-2.0-only
+
+abi <abi/3.0>,
+
+include <tunables/global>
+
+@{exec_path} = /{usr/,}bin/akonadi_mailmerge_agent
+profile akonadi_mailmerge_agent @{exec_path} {
+  include <abstractions/base>
+  include <abstractions/dri-common>
+  include <abstractions/mesa>
+  include <abstractions/nameservice-strict>
+  include <abstractions/X-strict>
+
+  network inet dgram,
+  network inet6 dgram,
+  network netlink raw,
+  network netlink dgram,
+
+  @{exec_path} mr,
+
+  /usr/share/hwdata/*.ids r,
+  /usr/share/icons/{,**} r,
+  /usr/share/mime/{,**} r,
+  /usr/share/qt/translations/*.qm r,
+
+  owner @{user_cache_dirs}/icon-cache.kcache rw,
+
+  owner @{user_config_dirs}/akonadi/agent_config_akonadi_mailmerge_agent_changes.dat r,
+  owner @{user_config_dirs}/akonadi/akonadiconnectionrc r,
+
+  owner @{user_config_dirs}/kdedefaults/kdeglobals r,
+  owner @{user_config_dirs}/kdedefaults/kwinrc r,
+  owner @{user_config_dirs}/kdeglobals r,
+  owner @{user_config_dirs}/kwinrc r,
+
+  @{PROC}/sys/kernel/core_pattern r,
+
+  /dev/tty r,
+
+  include if exists <local/akonadi_mailmerge_agent>
+}

apparmor.d/groups/akonadi/akonadi_migration_agent

@@ -0,0 +1,40 @@
+# apparmor.d - Full set of apparmor profiles
+# Copyright (C) 2023 Alexandre Pujol <alexandre@pujol.io>
+# SPDX-License-Identifier: GPL-2.0-only
+
+abi <abi/3.0>,
+
+include <tunables/global>
+
+@{exec_path} = /{usr/,}bin/akonadi_migration_agent
+profile akonadi_migration_agent @{exec_path} {
+  include <abstractions/base>
+  include <abstractions/X-strict>
+  include <abstractions/dri-common>
+  include <abstractions/nameservice-strict>
+  include <abstractions/mesa>
+
+  @{exec_path} mr,
+
+  /usr/share/hwdata/*.ids r,
+  /usr/share/icons/{,**} r,
+  /usr/share/mime/{,**} r,
+  /usr/share/qt/translations/*.qm r,
+
+  owner @{user_cache_dirs}/icon-cache.kcache rw,
+
+  owner @{user_config_dirs}/akonadi/agent_config_akonadi_migration_agent_changes{,.dat} r,
+  owner @{user_config_dirs}/akonadi/akonadiconnectionrc r,
+  owner @{user_config_dirs}/kdedefaults/kdeglobals r,
+  owner @{user_config_dirs}/kdedefaults/kwinrc r,
+  owner @{user_config_dirs}/kdeglobals r,
+  owner @{user_config_dirs}/kwinrc r,
+
+  owner @{user_share_dirs}/akonadi_migration_agent/{,**} rw,
+
+  @{PROC}/sys/kernel/core_pattern r,
+
+  /dev/tty r,
+
+  include if exists <local/akonadi_migration_agent>
+}

apparmor.d/groups/akonadi/akonadi_newmailnotifier_agent

@@ -0,0 +1,46 @@
+# apparmor.d - Full set of apparmor profiles
+# Copyright (C) 2023 Alexandre Pujol <alexandre@pujol.io>
+# SPDX-License-Identifier: GPL-2.0-only
+
+abi <abi/3.0>,
+
+include <tunables/global>
+
+@{exec_path} = /{usr/,}bin/akonadi_newmailnotifier_agent
+profile akonadi_newmailnotifier_agent @{exec_path} {
+  include <abstractions/base>
+  include <abstractions/dri-common>
+  include <abstractions/mesa>
+  include <abstractions/nameservice-strict>
+  include <abstractions/X-strict>
+
+  @{exec_path} mr,
+
+  /usr/share/hwdata/*.ids r,
+  /usr/share/icons/{,**} r,
+  /usr/share/mime/{,**} r,
+  /usr/share/qt/translations/*.qm r,
+
+  /etc/machine-id r,
+
+  owner @{user_cache_dirs}/icon-cache.kcache rw,
+
+  owner @{user_config_dirs}/#[0-9]* rw,
+  owner @{user_config_dirs}/akonadi/agent_config_akonadi_newmailnotifier_agent_changes{,_changes.dat,.dat} r,
+  owner @{user_config_dirs}/akonadi/akonadiconnectionrc r,
+  owner @{user_config_dirs}/emaildefaults r,
+  owner @{user_config_dirs}/emailidentities.lock rwk,
+  owner @{user_config_dirs}/emailidentities* rwl,
+  owner @{user_config_dirs}/kdedefaults/kdeglobals r,
+  owner @{user_config_dirs}/kdedefaults/kwinrc r,
+  owner @{user_config_dirs}/kdeglobals r,
+  owner @{user_config_dirs}/kmail2rc r,
+  owner @{user_config_dirs}/kwinrc r,
+
+  @{PROC}/sys/kernel/core_pattern r,
+  @{PROC}/sys/kernel/random/boot_id r,
+
+  /dev/tty r,
+
+  include if exists <local/akonadi_newmailnotifier_agent>
+}

apparmor.d/groups/akonadi/akonadi_notes_agent

@@ -0,0 +1,43 @@
+# apparmor.d - Full set of apparmor profiles
+# Copyright (C) 2023 Alexandre Pujol <alexandre@pujol.io>
+# SPDX-License-Identifier: GPL-2.0-only
+
+abi <abi/3.0>,
+
+include <tunables/global>
+
+@{exec_path} = /{usr/,}bin/akonadi_notes_agent
+profile akonadi_notes_agent @{exec_path} {
+  include <abstractions/base>
+  include <abstractions/dri-common>
+  include <abstractions/mesa>
+  include <abstractions/nameservice-strict>
+  include <abstractions/X-strict>
+
+  network inet dgram,
+  network inet6 dgram,
+  network netlink raw,
+  network netlink dgram,
+
+  @{exec_path} mr,
+
+  /usr/share/hwdata/*.ids r,
+  /usr/share/icons/{,**} r,
+  /usr/share/mime/{,**} r,
+  /usr/share/qt/translations/*.qm r,
+
+  owner @{user_cache_dirs}/icon-cache.kcache rw,
+
+  owner @{user_config_dirs}/akonadi/agent_config_akonadi_notes_agent_changes{,.dat} r,
+  owner @{user_config_dirs}/akonadi/akonadiconnectionrc r,
+  owner @{user_config_dirs}/kdedefaults/kdeglobals r,
+  owner @{user_config_dirs}/kdedefaults/kwinrc r,
+  owner @{user_config_dirs}/kdeglobals r,
+  owner @{user_config_dirs}/kwinrc r,
+
+  @{PROC}/sys/kernel/core_pattern r,
+
+  /dev/tty r,
+
+  include if exists <local/akonadi_notes_agent>
+}

apparmor.d/groups/akonadi/akonadi_sendlater_agent

@@ -0,0 +1,44 @@
+# apparmor.d - Full set of apparmor profiles
+# Copyright (C) 2023 Alexandre Pujol <alexandre@pujol.io>
+# SPDX-License-Identifier: GPL-2.0-only
+
+abi <abi/3.0>,
+
+include <tunables/global>
+
+@{exec_path} = /{usr/,}bin/akonadi_sendlater_agent
+profile akonadi_sendlater_agent @{exec_path} {
+  include <abstractions/base>
+  include <abstractions/X-strict>
+  include <abstractions/dri-common>
+  include <abstractions/nameservice-strict>
+  include <abstractions/mesa>
+
+  network inet dgram,
+  network inet6 dgram,
+  network netlink raw,
+  network netlink dgram,
+
+  @{exec_path} mr,
+
+  /usr/share/hwdata/*.ids r,
+  /usr/share/icons/{,**} r,
+  /usr/share/mime/{,**} r,
+  /usr/share/qt/translations/*.qm r,
+
+  owner @{user_cache_dirs}/icon-cache.kcache rw,
+
+  owner @{user_config_dirs}/akonadi/agent_config_akonadi_sendlater_agent_changes{,.dat} r,
+  owner @{user_config_dirs}/akonadi/akonadiconnectionrc r,
+
+  owner @{user_config_dirs}/kdedefaults/kdeglobals r,
+  owner @{user_config_dirs}/kdedefaults/kwinrc r,
+  owner @{user_config_dirs}/kdeglobals r,
+  owner @{user_config_dirs}/kwinrc r,
+
+  @{PROC}/sys/kernel/core_pattern r,
+
+  /dev/tty r,
+
+  include if exists <local/akonadi_sendlater_agent>
+}

apparmor.d/groups/akonadi/akonadi_unifiedmailbox_agent

@@ -0,0 +1,37 @@
+# apparmor.d - Full set of apparmor profiles
+# Copyright (C) 2023 Alexandre Pujol <alexandre@pujol.io>
+# SPDX-License-Identifier: GPL-2.0-only
+
+abi <abi/3.0>,
+
+include <tunables/global>
+
+@{exec_path} = /{usr/,}bin/akonadi_unifiedmailbox_agent
+profile akonadi_unifiedmailbox_agent @{exec_path} {
+  include <abstractions/base>
+  include <abstractions/dri-common>
+  include <abstractions/mesa>
+  include <abstractions/nameservice-strict>
+  include <abstractions/X-strict>
+
+  @{exec_path} mr,
+
+  /usr/share/hwdata/*.ids r,
+  /usr/share/icons/{,**} r,
+  /usr/share/mime/{,**} r,
+  /usr/share/qt/translations/*.qm r,
+
+  owner @{user_cache_dirs}/icon-cache.kcache rw,
+
+  owner @{user_config_dirs}/{*,akonadi/}agent_config_akonadi_unifiedmailbox_agent{,_changes.dat,.conf_changes.dat} r,
+  owner @{user_config_dirs}/{*,akonadi/}akonadi_unifiedmailbox_agent{,_changes.dat,.conf_changes.dat} r,
+  owner @{user_config_dirs}/akonadi/akonadiconnectionrc r,
+  owner @{user_config_dirs}/kdedefaults/kdeglobals r,
+  owner @{user_config_dirs}/kdedefaults/kwinrc r,
+  owner @{user_config_dirs}/kdeglobals r,
+  owner @{user_config_dirs}/kwinrc r,
+
+  @{PROC}/sys/kernel/core_pattern r,
+
+  include if exists <local/akonadi_unifiedmailbox_agent>
+}

dists/flags/main.flags

@@ -3,6 +3,43 @@
 
 acpid attach_disconnected,complain
 agetty complain
+akonadi_agent_launcher complain
+akonadi_agent_server complain
+akonadi_akonotes_resource complain
+akonadi_archivemail_agent complain
+akonadi_birthdays_resource complain
+akonadi_contacts_resource complain
+akonadi_control complain
+akonadi_davgroupware_resource complain
+akonadi_etesync_resource complain
+akonadi_ews_resource complain
+akonadi_ewsmta_resource complain
+akonadi_followupreminder_agent complain
+akonadi_google_resource complain
+akonadi_ical_resource complain
+akonadi_icaldir_resource complain
+akonadi_imap_resource complain
+akonadi_indexing_agent complain
+akonadi_knut_resource complain
+akonadi_kolab_resource complain
+akonadi_maildir_resource complain
+akonadi_maildispatcher_agent complain
+akonadi_mailfilter_agent complain
+akonadi_mailmerge_agent complain
+akonadi_mbox_resource complain
+akonadi_migration_agent complain
+akonadi_mixedmaildir_resource complain
+akonadi_newmailnotifier_agent complain
+akonadi_notes_agent complain
+akonadi_notes_resource complain
+akonadi_openxchange_resource complain
+akonadi_pop3_resource complain
+akonadi_rds complain
+akonadi_sendlater_agent complain
+akonadi_tomboynotes_resource complain
+akonadi_unifiedmailbox_agent complain
+akonadi_vcard_resource complain
+akonadi_vcarddir_resource complain
 anacron complain
 atd complain
 atril-previewer complain